Effect on Performance when using anti-exploits?

I wish to create server-side checks which check all players in the game and make sure they aren’t using exploits (Speed hacks and noclip). I have read some articles on it. To do this I will be getting the position of the player’s humanoid root part every frame and will measure the magnitude between these 2 positions. I will measure the distance traveled in this time and compare it to the default walk speed (16). I will then raycast from these points to detect parts in the way to check if their no-clipping.

Will these calculations and raycasts have an effect on performance? And if they will how great will the effect on performance be?

It depends on how often you check. I made the exact same kind of Anti-Exploit System that checked once a second and it had no performance reduction.

The math itself isn’t complex so its okay to use.

Usually anti-exploits aren’t really the decisive factor of countering exploiters. It is mainly the game design itself and sanitization of remotes from bad input.

Sanitizing remotes is important. But I cannot prevent the player from injecting local scripts to change character speed locally by sanitizing remotes.

Character-based exploits aren’t related to remotes in any way, unless you decided to use the remotes to change that.

If character-based exploits aren’t related to remotes in any way, why are you bringing up sanitizing remotes on my post which is about local exploits injected into the game?

Some games completely don’t include any characters, due to its game design. Thus sanitizing player input is more important there.

Other games include a lot of character-based functionalities, which could be easily exploited. However, certain functionalities cause a problem whenever you’re trying to add an anti-exploit with it. An instance is when the game contains speed powerups.

It’s all in the game design. For the question being, you’ll rather check your playerbase for feedback if there are any issues rather than inquiring it in the first place.

Check my player base for what? Should I have instead of making this post, asked my player base if making an anti-exploit system with raycasting and magnitude checks would be laggy?

Looking outside the question would differ a lot about the general perspective. I’m not going to force you to change your own decision on this. Performance-wise, it is a variable on the code expense itself. There was other considerations about it. To improve the performance, that’s why I mentioned other details that the game design is powerful against exploits AND keeps your performance balanced.

Remember that false positives are a thing and has to be taken to consideration, whenever it impacts players.

Just like any other bit of code, you should make it efficient and keep it as performance beneficial as you can without loosing checks or whatever you may be doing

Here’s what I do.

I send a localscript to a random location in the player’s character.

I make the localscript like 3000 lines separated so the client can’t decompile the script or they’d have to go scroll down too much.

I then make the localscript fire to a remoteevent that changes name.

The localscript fires 2 things. The players walkspeed and their hipheight. Then it deletes itself immediately.

If the server picks up this information it compares to the server side version… if something is off then it kick

If the exploiter deletes the localscript the server wont receive a reply and by default the player will get kicked.

Wouldn’t the exploiter be able to delete the localscript and send a fake remote event with what the server-side walkspeed would be?

I don’t really want to get into that conversation though as it would be off-topic to the thread.

They can’t do it in under 0.03 seconds if the localscript has the arguments arranged differently each time.

Also adding fake numbers etc to confuse the exploiter.

This actually sounds quite promising. I’ll have to try this out at some time. Thanks for sharing.